Backup Systems Disaster Recovery Blog

Last week the dangerous ransomware ‘Wanna Cry’ hit hundreds of thousands of victims, wreaking havoc in computer systems across the globe. The victims, from over 100 countries, included the British NHS, FedEx in the US, Spanish telecoms giant Telefonica, Germany’s Deutsche Bahn rail network, and the Russian Interior Ministry.

A single piece of malware froze users out of their systems by exploiting a previously identified vulnerability, giving the hackers the leeway to demand a ransom equivalent to $300 in untraceable bitcoin, which would then be doubled if payment was not received in the first 72 hours.

Despite the global scale of the attack, it is believed not to have been as fruitful as it first seemed, relieving its victims of a collective sum somewhere in the region of $55,000, a paltry amount when the total number of victims is taken into consideration.

As if this wasn’t enough, cyber-security firms have recently confirmed that another large-scale attack is underway. However, instead of locking users out of their systems and holding the data contained within to ransom, this malware takes control, setting the systems to work in a network of PCs and servers which mines a virtual currency. On such a large scale this operation proves to be lucrative for the hackers behind it, who are then able to exchange this cyber-currency for a substantial financial gain, much more than the sum extorted by the ‘Wanna Cry’ attack.

The rising costs of data lost in a cyber-attack

While the physical sum demanded of the organisations hit by the ransomware and other cyber-attacks was not eye-wateringly substantial in value, the cost to the victims goes much further. With systems shut down and data inaccessible for as much as 24 hours after the initial attacks, the cost to the individual businesses was substantial, both financially and reputationally.

In a recent study, it was calculated that cyber-attacks on UK businesses can cost investors as much as £42bn, while a typical FTSE 100 firm can face damages costing as much as £120 million after a breach.

Protecting organisational data against malware and other cyber security threats

As hackers grow in sophistication and new vulnerabilities are identified and consequently exploited, IT functions find themselves in a never-ending arms race.

IT security, virus and malware detection and employee education are all essential in maintaining high standards of data hygiene and protection.

Backup Systems are now Cyber Essentials Accredited

In light of these recent attacks, Backup Systems have undergone an independent review of current internal security measures and have been awarded the Cyber Essentials certification.

This government-backed certification scheme identifies a baseline standard of cyber security which is suitable for all organisations in all sectors by addressing five key controls. Organisations which implement these to a particular standard can prevent the vast majority of common cyber-attacks.

By achieving this standard level of accreditation with regard to our own data hygiene and protection, Backup Systems hope to demonstrate to our own clients and stakeholders that we have taken all the necessary precautionary measures to reduce the risk of a breach and to maintain high standards of data security.

Backup & Disaster Recovery as the best defence

Even with the highest security measures and most vigilant of employees there is perhaps no fail-safe preventative method against the latest hacking technology and software.

This means that the measures organisations take to safeguard their data, systems and networks must play a crucial role in the defence against devastating losses caused by cyber infiltrations, making the role of backup and disaster recovery crucial in the protection of organisational data.

As part of a sound data protection plan it is essential to perform frequent backups, stored in multiple locations, both on and offline. In the event of a disaster, these backups allow organisations to roll back or recover systems to a specific point in time before the introduction of the malware, minimising the volume of data lost and eliminating any substantial impact to the organisation.

The frequency and type of backups performed must be evaluated against business continuity requirements. If these services are outsourced, the appropriate service level agreements must be put in place to ensure recovery times will meet established objectives.
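To make the roll-back and backup-frequency points above concrete, here is an added Python example (not Backup Systems' own tooling) that picks the latest backup taken before an estimated infection time and checks the resulting data-loss window against a recovery point objective (RPO). It also flags a catalogue with no second location or no offline copy. The catalogue, site names, one-hour safety margin and RPO values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    taken_at: datetime
    location: str   # hypothetical site names
    offline: bool   # True if unreachable from the production network

# Constructed sample catalogue (not real data).
CATALOGUE = [
    Backup(datetime(2024, 1, 10, 1, 0), "tape-vault", True),
    Backup(datetime(2024, 1, 11, 1, 0), "onsite-nas", False),
    Backup(datetime(2024, 1, 12, 1, 0), "cloud", False),
    Backup(datetime(2024, 1, 12, 13, 0), "onsite-nas", False),  # taken after infection
]

def clean_backups(catalogue, infected_at, margin=timedelta(hours=1)):
    """Backups taken at least `margin` before the estimated infection time.
    The margin is an assumption: the infection time is usually only an estimate."""
    cutoff = infected_at - margin
    return sorted((b for b in catalogue if b.taken_at <= cutoff),
                  key=lambda b: b.taken_at)

def assess(catalogue, infected_at, rpo):
    """Return (restore_point, data_loss_window, findings)."""
    clean = clean_backups(catalogue, infected_at)
    if not clean:
        return None, None, ["no backup predates the infection"]
    point = clean[-1]                      # latest clean backup
    loss = infected_at - point.taken_at    # work lost by rolling back
    findings = []
    if loss > rpo:
        findings.append(f"data-loss window {loss} exceeds RPO {rpo}")
    if len({b.location for b in clean}) < 2:
        findings.append("clean backups exist in only one location")
    if not any(b.offline for b in clean):
        findings.append("no clean backup is held offline")
    return point, loss, findings

if __name__ == "__main__":
    infected = datetime(2024, 1, 12, 9, 0)  # constructed estimate
    point, loss, findings = assess(CATALOGUE, infected, rpo=timedelta(hours=4))
    print("restore to:", point.taken_at, "from", point.location)
    print("data lost:", loss)
    for f in findings:
        print("finding:", f)
```

With nightly backups and a four-hour RPO the check reports a gap, which is the kind of mismatch between backup frequency and continuity requirements that the evaluation should surface before an incident.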

Cyber security concerns are on the rise and organisations must take all the necessary measures to ensure that they are protected. While preventative measures are key in minimising the risk of ransomware and other cyber-attacks, it is perhaps impossible to devise a fail-safe method of avoiding an attack altogether. This makes it imperative that organisations devise a sound backup and disaster recovery strategy, allowing them to recover lost data quickly and efficiently.

Cost transparency, system flexibility and budget are all challenges of creating an effective backup and disaster recovery strategy.